I am interested in learning understanding about the basics of buffer over flow ,how it works?etc,can any one suggest me a good e-book or link or paper to understand the basic operation and functions of buffer overflow?

If you have $32 to spend, jump over to amazon and buy "Hacking: the art of exploitation." Then read some papers and realize that your money was well spent from all the time you saved reading a book that gives you a good grounding to digest everything else. Search the site for some book reviews on this. It is widely read and universally recommended.

BTW, I'm pathologically cheap, but I do invest money freely in two things:1. Good hardware2. Good documentation

Both actually save me money over the long haul. The book falls into the later category.

Equix3n- wrote:Do you have basic understanding of C/C++, specifically arrays,strings and pointers? If not then it'll be useful to firstly get some programming experience. I suggest reading "C programming language"

Just a quick note (and sorry for bringing up an old topic) as far as I am aware C does not support strings so that should only refer to C++. From how I learned it C only supports array's of characters.

Next to that all a great book that should be mentioned for learning C, some assembly and how it is used to write exploits would be "hacking, the art of exploitation".

Equix3n- wrote:Do you have basic understanding of C/C++, specifically arrays,strings and pointers? If not then it'll be useful to firstly get some programming experience. I suggest reading "C programming language"

Just a quick note (and sorry for bringing up an old topic) as far as I am aware C does not support strings so that should only refer to C++. From how I learned it C only supports array's of characters.

As others have already pointed out, securitytube is where I start for all such questions. With over 2,000 videos there's almost always something of interest on whatever subject you're interested in. And the videos are getting much better as people like Vivek have upgraded their editing software.

If you want a book, you should read Hacking: The Art Of Exploitation. Even if you cant program in C or Assembly it should get you into writing exploits. If you can do that well, you should read The Shellcoders Handbook, which goes a little bit further than The Art Of Exploitation but both will teach you how to write exploits, and how exploits work.

Quote from: H4TT1fn4TT on February 17, 2011, 05:11:12 PMQuote from: Equix3n- on September 19, 2010, 01:58:49 PMDo you have basic understanding of C/C++, specifically arrays,strings and pointers? If not then it'll be useful to firstly get some programming experience. I suggest reading "C programming language"Just a quick note (and sorry for bringing up an old topic) as far as I am aware C does not support strings so that should only refer to C++. From how I learned it C only supports array's of characters.

I think H4TT1fn4TT meant that C does not have a built-in "Strings" type, and he's right. Of course you can define your own types and data structures and call them whatever you want, but in C you don't have that native type as other languages do.